ClawHub

Percept Voice Commands

Security checks across malware telemetry and agentic risk

Overview

This voice-control skill appears purpose-aligned, but it gives ambient speech a broad path to trigger OpenClaw CLI actions without enough documented safeguards.

Install only if you intentionally want voice input to control OpenClaw actions. Use distinctive wake words, avoid shared or noisy environments, confirm that high-risk commands require explicit approval, and review how to pause listening, inspect logs, and disable or remove the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The documented default wake words include generic phrases like "take notes" and "send an email," which are likely to occur in normal conversation and can trigger unintended command capture. In a skill that forwards detected commands to an agent for execution, accidental activation increases the risk of unauthorized actions, especially in shared or noisy environments.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Allowing custom wake words without any specificity, exclusion criteria, or safety guidance creates an ambiguous invocation boundary. Users may configure everyday phrases that collide with ambient speech, causing unintended activations and downstream command execution through the OpenClaw agent.

Missing User Warnings

High
Confidence
93% confidence
Finding
The skill description explains voice command routing and ambient speech wake-word detection, but it does not clearly warn users that speech is being continuously monitored and that matched commands may be forwarded for execution. This creates a significant consent and safety gap because users or bystanders may not understand that passive listening can directly trigger agent actions.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal